ebay possible malware / virus asking for My Name, social security# mother's maiden name, credit card#, ATM pin


This topic is locked. 51 replies to this topic

#1 bulldzr

  • Members
  • 28 posts

Posted 03 April 2010 - 08:13 PM

Enter your information
We have noticed an increasing fraudulent activity recently. In order to provide your security and protect you from fraudsters we have introduced a new system of identification that will help us to avoid any kind of fraud or unauthorised access.

Please enter as more information as possible to provide your complete identification and to activate all the features of the new system.

User Information:
First Name: Last Name:


Date of Birth (mm/dd/yyyy):
/ /

Social Security Number:
- -

Mother's Maiden Name:

Card Information (ie, ATM, debit, credit card):

Card Number:

Card Expiration Date (mm/yyyy):
/

Card CVV2:

ATM PIN:


That's what showed up every time I tried to log into eBay. I tried everything: Malwarebytes, CCleaner, Spybot Search & Destroy, SuperAntiSpyware 4.35.1000 free edition, Hitman Pro 3.5, Microsoft Security Essentials, AVG 9.0 free edition; I even tried your ComboFix and followed the instructions from this site on what to do. I turned off all virus protection programs and let it run. It did find a rootkit and it removed it by rebooting once or twice in normal mode; just to make sure, I even did it in safe mode too and found nothing there. (Just to let you know, I also ran the other programs in safe mode too and still found nothing.) I am still not able to log into eBay through IE or Firefox 3.5.8. So here are my DDS log and my GMER log below.

THANK YOU
bulldzr



DDS (Ver_10-03-17.01) - NTFSx86
Run by Tim at 21:25:49.78 on Fri 04/02/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.567 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\Turbine\Turbine Download Manager - Lamannia\TurbineMessageService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Turbine\Turbine Download Manager - Lamannia\TurbineNetworkService.exe
C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Tim\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.marketamerica.com/timlandry
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Google Update] "c:\documents and settings\tim\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08af -f video -m logitech -d 11.1.0.2016
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://activation.rr.com/install/downloads/tgctlcm.cab
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15108/CTPID.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tim\applic~1\mozilla\firefox\profiles\mgvioudk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.marketamerica.com/timlandry
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\tim\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\tim\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\sonyon~1\npsoe.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPDFusionWebFirefox.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\total immersion\dfusionhomewebplugin\NPDFusionWebFirefox.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 MrFilter;EasyWrite Driver;c:\windows\system32\drivers\MRFilter.sys [2009-9-21 12096]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-3 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-3 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-3 242696]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 66632]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-12 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-12 308064]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2009-8-5 284016]
R2 PublicPreviewTurbineMessageService;Turbine Message Service - PublicPreview;c:\program files\turbine\turbine download manager - lamannia\TurbineMessageService.exe [2009-8-5 271856]
R3 PublicPreviewTurbineNetworkService;Turbine Network Service - PublicPreview;c:\program files\turbine\turbine download manager - lamannia\TurbineNetworkService.exe [2009-8-5 218608]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]
S2 reqcftxk;reqcftxk;c:\windows\system32\drivers\aawyhfwn.sys --> c:\windows\system32\drivers\aawyhfwn.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\tim\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\tim\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [2007-5-3 12112]
S3 XDva005;XDva005;\??\c:\windows\system32\xdva005.sys --> c:\windows\system32\XDva005.sys [?]
S3 XDva024;XDva024;\??\c:\windows\system32\xdva024.sys --> c:\windows\system32\XDva024.sys [?]
S3 XDva031;XDva031;\??\c:\windows\system32\xdva031.sys --> c:\windows\system32\XDva031.sys [?]
S3 XDva064;XDva064;\??\c:\windows\system32\xdva064.sys --> c:\windows\system32\XDva064.sys [?]
S3 XDva214;XDva214;\??\c:\windows\system32\xdva214.sys --> c:\windows\system32\XDva214.sys [?]
S3 XDva244;XDva244;\??\c:\windows\system32\xdva244.sys --> c:\windows\system32\XDva244.sys [?]
S3 XDva321;XDva321;\??\c:\windows\system32\xdva321.sys --> c:\windows\system32\XDva321.sys [?]
S3 XDva324;XDva324;\??\c:\windows\system32\xdva324.sys --> c:\windows\system32\XDva324.sys [?]

=============== Created Last 30 ================

2010-03-30 19:45:11 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-30 19:41:25 0 d-----w- c:\program files\Microsoft Security Essentials
2010-03-30 01:36:11 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-03-27 22:29:10 420 ----a-w- c:\windows\system32\.crusader
2010-03-27 22:03:18 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-03-27 22:00:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-03-27 22:00:55 0 d-----w- c:\program files\Hitman Pro 3.5
2010-03-27 16:11:57 77312 ----a-w- c:\windows\MBR.exe
2010-03-27 12:08:23 0 d-----w- c:\program files\TrendMicro
2010-03-22 08:20:06 0 d-----w- c:\program files\Steam
2010-03-13 12:03:41 0 d-----w- c:\windows\system32\scripting
2010-03-13 12:03:41 0 d-----w- c:\windows\l2schemas
2010-03-13 12:03:40 0 d-----w- c:\windows\system32\en
2010-03-13 12:03:40 0 d-----w- c:\windows\system32\bits
2010-03-13 11:59:55 0 d-----w- c:\windows\network diagnostic
2010-03-12 14:02:46 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-12 11:02:05 0 d-----w- c:\program files\Amazon
2010-03-10 04:33:38 1025024 -c----w- c:\windows\system32\dllcache\browseui.dll
2010-03-08 20:01:04 0 d-----w- c:\program files\common files\xing shared
2010-03-06 04:43:23 0 d-----w- c:\program files\NVIDIA Corporation
2010-03-06 04:34:43 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-03-06 04:34:23 664 ----a-w- c:\windows\system32\d3d9caps.dat

==================== Find3M ====================

2010-03-29 19:24:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 19:24:46 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-12 22:02:38 261632 ----a-w- c:\windows\PEV.exe
2010-03-12 14:02:48 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-12 14:02:09 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-06 03:05:24 98304 ----a-w- c:\windows\DUMP5236.tmp
2010-02-26 05:43:57 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43:54 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-07 17:13:50 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-01-22 23:49:16 70984 ----a-w- c:\documents and settings\tim\g2mdlhlpx.exe
2010-01-19 02:58:26 31064 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-12 17:03:34 182888 ----a-w- c:\windows\system32\nvcod.dll

============= FINISH: 21:26:35.37 ===============



MY GMER LOG IS BELOW:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-03 06:49:21
Windows 5.1.2600 Service Pack 3
Running: hpnp61vf.exe; Driver: C:\DOCUME~1\Tim\LOCALS~1\Temp\pxdiypow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA94C9320]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\viamraid \Device\Scsi\viamraid1 8A676A80
Device \Driver\viamraid \Device\Scsi\viamraid1Port2Path0Target2Lun0 8A676A80

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\ERDNT\subs\default 4513792 bytes
File C:\WINDOWS\ERDNT\subs\ERDNT.CON 673 bytes
File C:\WINDOWS\ERDNT\subs\ERDNT.EXE 163328 bytes executable
File C:\WINDOWS\ERDNT\subs\ERDNT.INF 1237 bytes
File C:\WINDOWS\ERDNT\subs\ERDNTDOS.LOC 2815 bytes
File C:\WINDOWS\ERDNT\subs\ERDNTWIN.LOC 3275 bytes
File C:\WINDOWS\ERDNT\subs\SAM 28672 bytes
File C:\WINDOWS\ERDNT\subs\SECURITY 0 bytes
File C:\WINDOWS\ERDNT\subs\software 0 bytes
File C:\WINDOWS\ERDNT\subs\software.LOG 0 bytes
File C:\WINDOWS\ERDNT\subs\system 0 bytes
File C:\WINDOWS\ERDNT\subs\system.LOG 0 bytes
File C:\WINDOWS\ERDNT\subs\Users 0 bytes
File C:\WINDOWS\l2schemas\eaptlsconnectionpropertiesv1.xsd 3192 bytes
File C:\WINDOWS\l2schemas\baseeapconnectionpropertiesv1.xsd 1066 bytes
File C:\WINDOWS\l2schemas\baseeapmethodconfig.xsd 612 bytes
File C:\WINDOWS\l2schemas\baseeapmethodusercredentials.xsd 648 bytes
File C:\WINDOWS\l2schemas\baseeapuserpropertiesv1.xsd 1116 bytes
File C:\WINDOWS\l2schemas\eapcommon.xsd 752 bytes
File C:\WINDOWS\l2schemas\eapconnectionpropertiesv1.xsd 1159 bytes
File C:\WINDOWS\l2schemas\eaphostconfig.xsd 1115 bytes
File C:\WINDOWS\l2schemas\eaphostusercredentials.xsd 1193 bytes
File C:\WINDOWS\l2schemas\eaptlsuserpropertiesv1.xsd 1329 bytes
File C:\WINDOWS\l2schemas\eapuserpropertiesv1.xsd 789 bytes
File C:\WINDOWS\l2schemas\lan_policy_v1.xsd 2687 bytes
File C:\WINDOWS\l2schemas\lan_profile_v1.xsd 2241 bytes
File C:\WINDOWS\l2schemas\mschapv2connectionpropertiesv1.xsd 1271 bytes
File C:\WINDOWS\l2schemas\mschapv2userpropertiesv1.xsd 1410 bytes
File C:\WINDOWS\l2schemas\mspeapconnectionpropertiesv1.xsd 2843 bytes
File C:\WINDOWS\l2schemas\mspeapuserpropertiesv1.xsd 1484 bytes
File C:\WINDOWS\l2schemas\onex_v1.xsd 5957 bytes
File C:\WINDOWS\l2schemas\wlan_profile_v1.xsd 15263 bytes
File C:\WINDOWS\Logs\DirectX.log 635802 bytes
File C:\WINDOWS\Logs\DXError.log 3661 bytes
File C:\WINDOWS\$NtUninstallKB961501$\kb961501.cat 9370 bytes
File C:\WINDOWS\$NtUninstallKB961501$\localspl.dll 343040 bytes executable
File C:\WINDOWS\$NtUninstallKB961501$\spuninst 0 bytes
File C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe 231288 bytes executable
File C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.inf 11752 bytes
File C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.txt 263 bytes
File C:\WINDOWS\$NtUninstallKB961501$\spuninst\updspapi.dll 382840 bytes executable
File C:\WINDOWS\$NtUninstallKB961501_0$\localspl.dll 341504 bytes executable
File C:\WINDOWS\$NtUninstallKB961501_0$\spuninst 0 bytes
File C:\WINDOWS\$NtUninstallKB961501_0$\spuninst\spuninst.exe 231288 bytes executable
File C:\WINDOWS\$NtUninstallKB961501_0$\spuninst\spuninst.inf 14068 bytes
File C:\WINDOWS\$NtUninstallKB961501_0$\spuninst\spuninst.txt 484 bytes
File C:\WINDOWS\$NtUninstallKB961501_0$\spuninst\updspapi.dll 382840 bytes executable
File C:\WINDOWS\$NtUninstallKB961503$\kb961503.cat 10200 bytes
File C:\WINDOWS\$NtUninstallKB961503$\msctfime.ime 177152 bytes executable
File C:\WINDOWS\$NtUninstallKB961503$\spuninst 0 bytes
File C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe 231288 bytes executable
File C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.inf 11708 bytes
File C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.txt 263 bytes
File C:\WINDOWS\$NtUninstallKB961503$\spuninst\updspapi.dll 382840 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Services\112a48e34620a0210eb850040da8a31b\System.Data.Services.ni.dll 1328128 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll 2510336 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll 10683392 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll 455680 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c92fc19800e701c90f90ab7a2ab44c47\System.DirectoryServices.AccountManagement.ni.dll 881152 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll 1116672 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll 208384 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll 627712 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll 280064 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll 212992 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll 1056768 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll 381440 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management.I#\818b20a7c6f3b2fe97bf008ca24080c1\System.Management.Instrumentation.ni.dll 330752 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll 17317888 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e182695d05ea57257568bc5f3208aca7\System.ServiceModel.Web.ni.dll 1706496 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\99594bae1d022502925f5b9dfcdaae9a\System.Speech.ni.dll 1917440 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll 627200 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\1896753d02d146be1988d32241300f51\System.Web.Abstractions.ni.dll 141312 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\4b87ca3482a3c0ee733e028ecee7de65\System.Web.DynamicData.Design.ni.dll 36864 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d0070c1c1a642ae30394e00bc0d82336\System.Web.DynamicData.ni.dll 547328 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\9e199645bd26f1afe58ebe185d1e7f0f\System.Web.Entity.ni.dll 328704 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\652017ebe962ab2eb271c2524f31cd61\System.Web.Entity.Design.ni.dll 301056 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\884eacddf339b8b342f66aedff5f8ef9\System.Web.Extensions.Design.ni.dll 859648 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\981dea02bc63c0c083e335adf9018788\System.Web.Extensions.ni.dll 2403328 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\29e2f8b1fb691ced973acf49fcee6ec1\System.Web.Mobile.ni.dll 2209280 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll 202240 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\e7666364bf9f3ba5f4833c9efedd8218\System.Web.Routing.ni.dll 129536 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.AddIn\cba35f47925431a54d0e6ae147a292f1\System.AddIn.ni.dll 633856 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f9a75bbdc2ce7db578b5977766a09b99\System.AddIn.Contract.ni.dll 82944 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4ff4134b0d490c090e03d74e104517c4\System.Data.DataSetExtensions.ni.dll 135680 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\9012cac7819660f61f1c69cf8e4f2ccf\System.Data.Entity.ni.dll 9924096 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\cf906bf9146d1f0013451ec63b58e064\System.Data.Entity.Design.ni.dll 756736 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll 2516480 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\twaingui\06d31588147ab588916e38063e83dfa4 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\twaingui\06d31588147ab588916e38063e83dfa4\twaingui.ni.exe 3594752 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\twaingui\d7b169136868478437fa099f1ecbfc8a 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\twaingui\d7b169136868478437fa099f1ecbfc8a\twaingui.ni.exe 3594752 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll 447488 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll 1049600 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll 60928 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll 187904 bytes executable
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68 0 bytes
File C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll 240128 bytes executable
File C:\WINDOWS\$NtUninstallKB896358$\hh.exe 10752 bytes executable
File C:\WINDOWS\$NtUninstallKB896358$\hhsetup.dll 38912 bytes executable
File C:\WINDOWS\$NtUninstallKB896358$\itircl.dll 143872 bytes executable
File C:\WINDOWS\$NtUninstallKB896358$\itss.dll 134144 bytes executable
File C:\WINDOWS\$NtUninstallKB896358$\reg00001 8192 bytes
File C:\WINDOWS\$NtUninstallKB896358$\reg00002 8192 bytes
File C:\WINDOWS\$NtUninstallKB896358$\reg00003 8192 bytes
File C:\WINDOWS\$NtUninstallKB896358$\reg00004 8192 bytes
File C:\WINDOWS\$NtUninstallKB896358$\spuninst 0 bytes
File C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe 209632 bytes executable
File C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.inf 6886 bytes
File C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.txt 703 bytes
File C:\WINDOWS\$NtUninstallKB896358$\spuninst\updspapi.dll 371936 bytes executable
File C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\atl.dll 74802 bytes executable
File C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42.dll 995383 bytes executable
File C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\mfc42u.dll 995384 bytes executable
File C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\msvcp60.dll 401462 bytes executable

---- EOF - GMER 1.0.15 ----

Edited by bulldzr, 03 April 2010 - 09:15 PM.


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:48 AM

Posted 08 April 2010 - 11:08 AM

Hello and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since
resolved your issues I would appreciate it if you would let me know so I can close this topic.


I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Microsoft Security Essentials or AVG.


  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt.



Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Then please post back here with the following:
  • log.txt
  • info.txt
  • MBAM log

Thanks

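The reply above asks for HijackThis-style logs (RSIT's log.txt embeds one). As an added example that is not part of this thread and not code from RSIT, HijackThis or Malwarebytes, the script below parses constructed lines in that format and flags the entry types a helper typically checks first: references to files that no longer exist, unnamed BHOs or toolbars, services with no publisher, and autostart entries that launch a system-binary name from outside the Windows directory or from a user-writable folder. The sample lines, CLSIDs and paths are constructed for illustration, and the heuristics are an assumption about what merits review, not a verdict; per-user installers such as Google Update legitimately live under Application Data, so a "review" finding is a prompt to look, not a detection.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample lines in HijackThis/RSIT log format. The CLSIDs and
# paths are illustrative placeholders, not taken from any real machine.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: Example Plugin - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\plugin.dll
O3 - Toolbar: (no name) - {66666666-7777-8888-9999-000000000000} - (no file)
O4 - HKLM\..\Run: [Updater] "C:\Program Files\Example\updater.exe" -silent
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\User\Local Settings\Temp\svchost.exe
O23 - Service: Example Service (ExampleSvc) - Example Inc. - C:\Program Files\Example\svc.exe
O23 - Service: Old Driver (OldDrv) - Unknown owner - C:\WINDOWS\system32\drivers\old.exe (file missing)
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4" or "O23"
    severity: str  # "info" (cleanup candidate) or "review" (look closer)
    reason: str
    line: str


# Each log line starts with a section code, " - ", then the entry body.
LINE_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")
# First drive-letter path ending in a binary extension, quotes optional.
PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]+?\.(?:exe|dll|ocx|sys))"?', re.IGNORECASE)
# Folders a standard user can write to; autostarts here deserve a second look.
USER_WRITABLE = re.compile(
    r"\\(Temp|Local Settings|Application Data|Desktop|Documents and Settings\\[^\\]+)\\",
    re.IGNORECASE,
)
# Names of core Windows binaries; the real ones live in the system directory.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}
SYSTEM_DIR = re.compile(r"^[A-Za-z]:\\WINDOWS\\system32\\", re.IGNORECASE)


def parse_line(line: str) -> Optional[Tuple[str, str]]:
    """Split a log line into (section code, body); None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def extract_path(body: str) -> Optional[str]:
    """Return the first on-disk binary path mentioned in an entry body."""
    m = PATH_RE.search(body)
    return m.group("path") if m else None


def triage_line(line: str) -> List[Finding]:
    """Apply the review heuristics to one log line."""
    parsed = parse_line(line)
    if parsed is None:
        return []
    code, body = parsed
    findings: List[Finding] = []

    if "(no file)" in body or "(file missing)" in body:
        findings.append(Finding(code, "info", "entry references a file that no longer exists", line))
    if code in ("O2", "O3") and "(no name)" in body:
        findings.append(Finding(code, "review", "unnamed BHO or toolbar", line))
    if code == "O23" and "Unknown owner" in body:
        findings.append(Finding(code, "info", "service has no publisher information", line))

    path = extract_path(body)
    if code == "O4" and path:
        base = path.rsplit("\\", 1)[-1].lower()
        if base in SYSTEM_NAMES and not SYSTEM_DIR.match(path):
            findings.append(Finding(code, "review", f"{base} launched from outside the Windows system directory", line))
        elif USER_WRITABLE.search(path):
            findings.append(Finding(code, "review", "autostart launches from a user-writable folder", line))
    return findings


def triage_log(text: str) -> List[Finding]:
    """Run triage over every line of a pasted log and collect the findings."""
    findings: List[Finding] = []
    for line in text.splitlines():
        findings.extend(triage_line(line))
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:<3} {f.reason}\n         {f.line}")
```

Run against the sample, the script reports five findings: two "review" items (the unnamed toolbar and the svchost.exe copy launching from Temp) and three "info" items (the toolbar's missing file, and the service with a missing binary and no publisher). Real logs such as the one posted later in this thread contain many benign entries that trip the "user-writable" heuristic, which is why the output is a worklist for a human rather than a removal list.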


#3 bulldzr

bulldzr
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:03:48 AM

Posted 08 April 2010 - 01:04 PM

Here are the files you wanted: mbam log, log.txt, info.txt. The computer is lagging so badly when trying to do things because of the problem I am having; whatever this spyware, malware, virus thing is, it is beginning to frustrate me, so here is the stuff you need.



Logfile of random's system information tool 1.06 (written by random/random)
Run by Tim at 2010-04-08 13:35:17
Microsoft Windows XP Professional Service Pack 3
System drive C: has 139 GB (46%) free of 305 GB
Total RAM: 1535 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:20 PM, on 4/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\Turbine\Turbine Download Manager - Lamannia\TurbineMessageService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Turbine\Turbine Download Manager - Lamannia\TurbineNetworkService.exe
C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Tim\Desktop\RSIT.exe
C:\Program Files\trend micro\Tim.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.marketamerica.com/timlandry
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08af -f video -m logitech -d 11.1.0.2016 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08af -f video -m logitech -d 11.1.0.2016 (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareup...101/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15108/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Turbine Message Service - PublicPreview (PublicPreviewTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager - Lamannia\TurbineMessageService.exe
O23 - Service: Turbine Network Service - PublicPreview (PublicPreviewTurbineNetworkService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager - Lamannia\TurbineNetworkService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 9813 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-2111687655-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-2111687655-839522115-1003UA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-2111687655-839522115-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-2111687655-839522115-1003.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-08 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-04-01 1602912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-12-06 69216]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]
"Conime"=C:\WINDOWS\system32\conime.exe [2008-04-13 27648]
"EKIJ5000StatusMonitor"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [2009-08-03 1626112]
"CLMLServer"=C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [2009-06-03 103720]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-03-08 202256]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-11-20 110184]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-11-20 12669544]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-02-21 1093208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Tim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 133104]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-10-07 323392]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-04-03 2012912]
"Steam"=C:\Program Files\Steam\Steam.exe [2010-03-22 1217872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\CTHELPER.EXE [2006-08-11 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-11 18944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-01-22 141608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe [2009-07-08 2684200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tim^Start Menu^Programs^Startup^ScreenThemes.lnk]
C:\PROGRA~1\SCREEN~1\scthemes.exe [2003-02-25 241664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-03-12 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro35Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Program Files\BitTorrent\bittorrent.exe"="E:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:bittorrent"
"E:\Program Files\LimeWire\LimeWire.exe"="E:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Documents and Settings\Tim\Desktop\utorrent.exe"="C:\Documents and Settings\Tim\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe"="C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Wonderland Online\main.exe"="C:\Program Files\Wonderland Online\main.exe:*:Enabled:main"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\ONWIND\ZU-ONLINE\ZuOnline.exe"="C:\Program Files\ONWIND\ZU-ONLINE\ZuOnline.exe:*:Enabled:ZuOnline"
"C:\Program Files\ONWIND\ZU-ONLINE\BT_Update.exe"="C:\Program Files\ONWIND\ZU-ONLINE\BT_Update.exe:*:Enabled:BT_Update"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\AeriaGames\12Sky\TwelveSky.exe"="C:\AeriaGames\12Sky\TwelveSky.exe:*:Enabled:TwelveSky"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"E:\Program Files\StarWarsGalaxies\SwgClient_r.exe"="E:\Program Files\StarWarsGalaxies\SwgClient_r.exe:*:Enabled:SwgClient_r"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\Program Files\Monte Cristo\Cities XL\cds\CitiesXL_http.exe"="C:\Program Files\Monte Cristo\Cities XL\cds\CitiesXL_http.exe:*:Enabled:CitiesXL_http"
"C:\Program Files\'Full Speed' Internet Booster + Performance Tests\FullSpeed.exe"="C:\Program Files\'Full Speed' Internet Booster + Performance Tests\FullSpeed.exe:*:Enabled:Increase Your Internet Speed"
"C:\Program Files\Turbine\Dungeons and Dragons Online - Stormreach - Lamannia\dndclient.exe"="C:\Program Files\Turbine\Dungeons and Dragons Online - Stormreach - Lamannia\dndclient.exe:*:Enabled:dndclient"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\Turbine\DDO Unlimited\dndclient.exe"="C:\Program Files\Turbine\DDO Unlimited\dndclient.exe:*:Enabled:dndclient"
"C:\Program Files\Sony\EverQuest\EQVoiceService.exe"="C:\Program Files\Sony\EverQuest\EQVoiceService.exe:*:Enabled:EQVoiceService"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe"="C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter"
"C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe"="C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics"
"C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe"="C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility"
"C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe"="C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater"
"C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe"="C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer"
"C:\Program Files\cdv Software Entertainment USA\Sacred 2 - Fallen Angel\system\s2gs.exe"="C:\Program Files\cdv Software Entertainment USA\Sacred 2 - Fallen Angel\system\s2gs.exe:*:Enabled:Sacred 2 Game Server"
"C:\Program Files\cdv Software Entertainment USA\Sacred 2 - Fallen Angel\system\sacred2.exe"="C:\Program Files\cdv Software Entertainment USA\Sacred 2 - Fallen Angel\system\sacred2.exe:*:Enabled:Sacred 2"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\dlls\ubiorbitapi_r1.dll"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\dlls\ubiorbitapi_r1.dll:*:Enabled:Ubisoft Game Launcher Dynamic Linked Library"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Turbine\Turbine Download Manager - Lamannia\TurbineMessageService.exe"="C:\Program Files\Turbine\Turbine Download Manager - Lamannia\TurbineMessageService.exe:*:Enabled:TurbineMessageService"
"C:\Program Files\Turbine\Turbine Download Manager - Lamannia\TurbineNetworkService.exe"="C:\Program Files\Turbine\Turbine Download Manager - Lamannia\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-04-08 13:35:26 ----D---- C:\Program Files\trend micro
2010-04-08 13:35:17 ----D---- C:\rsit
2010-03-30 15:45:11 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-03-30 15:41:25 ----D---- C:\Program Files\Microsoft Security Essentials
2010-03-30 15:36:52 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$
2010-03-29 23:07:14 ----SHD---- C:\RECYCLER
2010-03-29 21:36:11 ----A---- C:\WINDOWS\system32\bootdelete.exe
2010-03-29 18:22:07 ----A---- C:\mbam-error.txt
2010-03-29 16:01:20 ----A---- C:\ComboFix.txt
2010-03-27 18:00:58 ----D---- C:\Documents and Settings\All Users\Application Data\Hitman Pro
2010-03-27 18:00:55 ----D---- C:\Program Files\Hitman Pro 3.5
2010-03-27 12:11:57 ----A---- C:\WINDOWS\MBR.exe
2010-03-27 08:08:23 ----D---- C:\Program Files\TrendMicro
2010-03-22 04:20:06 ----D---- C:\Program Files\Steam
2010-03-13 08:31:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-03-13 08:31:22 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-03-13 08:31:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-03-13 08:20:32 ----D---- C:\WINDOWS\Prefetch
2010-03-13 08:18:18 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-03-13 08:18:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-03-13 08:18:02 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-03-13 08:17:55 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-03-13 08:17:47 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-03-13 08:17:37 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-03-13 08:17:29 ----HDC---- C:\WINDOWS\$NtUninstallKB976749$
2010-03-13 08:17:21 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2010-03-13 08:17:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-13 08:17:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-03-13 08:16:58 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-03-13 08:16:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-03-13 08:16:44 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-03-13 08:16:36 ----HDC---- C:\WINDOWS\$NtUninstallKB974455$
2010-03-13 08:16:29 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-03-13 08:16:21 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-03-13 08:16:14 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-03-13 08:16:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-03-13 08:15:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-03-13 08:15:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-03-13 08:15:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-03-13 08:15:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-03-13 08:15:25 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-03-13 08:15:17 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2010-03-13 08:15:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-03-13 08:15:03 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-03-13 08:14:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-03-13 08:14:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-03-13 08:14:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-03-13 08:14:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-03-13 08:14:25 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-03-13 08:14:17 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-03-13 08:14:10 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-03-13 08:14:01 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2010-03-13 08:13:53 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-03-13 08:13:46 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2010-03-13 08:13:38 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-03-13 08:13:29 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-03-13 08:13:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978207_1$
2010-03-13 08:13:09 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2010-03-13 08:13:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2010-03-13 08:12:52 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-03-13 08:12:45 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2010-03-13 08:12:38 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2010-03-13 08:12:23 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-03-13 08:12:16 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-03-13 08:12:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-03-13 08:11:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2010-03-13 08:11:52 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-03-13 08:11:44 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-03-13 08:11:36 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2010-03-13 08:11:29 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-03-13 08:11:22 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-03-13 08:11:12 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2010-03-13 08:11:05 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-03-13 08:10:58 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2010-03-13 08:10:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-03-13 08:10:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2010-03-13 08:10:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-03-13 08:10:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-03-13 08:10:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-03-13 08:10:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-03-13 08:09:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2010-03-13 08:09:48 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-03-13 08:09:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2010-03-13 08:09:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-03-13 08:09:25 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_1$
2010-03-13 08:09:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2010-03-13 08:09:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2010-03-13 08:09:01 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2010-03-13 08:08:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-03-13 08:08:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-03-13 08:08:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-03-13 08:08:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-03-13 08:08:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2010-03-13 08:08:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-03-13 08:08:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2010-03-13 08:07:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-03-13 08:07:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-03-13 08:07:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-03-13 08:07:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2010-03-13 08:07:25 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-03-13 08:07:19 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2010-03-13 08:07:12 ----HDC---- C:\WINDOWS\$NtUninstallKB932716-v2$
2010-03-13 08:07:04 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-03-13 08:04:37 ----A---- C:\WINDOWS\setuplog.txt
2010-03-13 08:03:41 ----D---- C:\WINDOWS\system32\scripting
2010-03-13 08:03:41 ----D---- C:\WINDOWS\l2schemas
2010-03-13 08:03:40 ----D---- C:\WINDOWS\system32\en
2010-03-13 08:03:40 ----D---- C:\WINDOWS\system32\bits
2010-03-13 07:59:55 ----D---- C:\WINDOWS\network diagnostic
2010-03-13 07:57:25 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-03-12 10:02:46 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-03-12 07:02:12 ----D---- C:\Documents and Settings\Tim\Application Data\Amazon
2010-03-12 07:02:05 ----D---- C:\Program Files\Amazon
2010-03-10 00:15:59 ----HDC---- C:\WINDOWS\$NtUninstallKB975561_0$

======List of files/folders modified in the last 1 months======

2010-04-08 13:35:49 ----D---- C:\WINDOWS\temp
2010-04-08 13:35:35 ----D---- C:\Documents and Settings\Tim\Application Data\DNA
2010-04-08 13:35:26 ----RD---- C:\Program Files
2010-04-08 13:30:02 ----SD---- C:\WINDOWS\Tasks
2010-04-08 13:25:41 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-08 13:25:32 ----D---- C:\Program Files\DNA
2010-04-08 13:24:37 ----D---- C:\Documents and Settings\All Users\Application Data\Kodak
2010-04-08 13:05:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-08 12:05:53 ----D---- C:\Program Files\CCleaner
2010-04-08 07:18:26 ----D---- C:\Program Files\Mozilla Firefox
2010-04-03 20:10:02 ----D---- C:\Program Files\SUPERAntiSpyware
2010-04-03 19:26:17 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-03 08:21:40 ----HD---- C:\WINDOWS\inf
2010-04-02 09:21:51 ----D---- C:\WINDOWS\system32
2010-04-01 20:31:45 ----SHD---- C:\WINDOWS\Installer
2010-03-31 12:40:14 ----D---- C:\WINDOWS
2010-03-30 15:41:46 ----D---- C:\WINDOWS\system32\drivers
2010-03-30 15:41:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-03-30 15:37:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-30 14:38:52 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-29 18:22:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-29 16:01:02 ----D---- C:\Qoobox
2010-03-29 15:58:38 ----A---- C:\WINDOWS\system.ini
2010-03-29 15:54:55 ----D---- C:\WINDOWS\AppPatch
2010-03-29 15:54:52 ----D---- C:\Program Files\Common Files
2010-03-27 12:39:59 ----D---- C:\WINDOWS\ERDNT
2010-03-27 12:15:13 ----D---- C:\WINDOWS\system32\config
2010-03-26 08:22:11 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-03-24 22:20:28 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-23 22:40:32 ----D---- C:\Program Files\Defraggler
2010-03-22 10:11:42 ----D---- C:\Program Files\Turbine
2010-03-19 22:06:02 ----D---- C:\WINDOWS\Help
2010-03-14 15:38:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-13 08:31:49 ----A---- C:\WINDOWS\imsins.BAK
2010-03-13 08:31:43 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-13 08:31:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-03-13 08:22:13 ----A---- C:\WINDOWS\OEWABLog.txt
2010-03-13 08:21:56 ----D---- C:\WINDOWS\Debug
2010-03-13 08:20:06 ----D---- C:\WINDOWS\system32\wbem
2010-03-13 08:20:06 ----D---- C:\WINDOWS\system32\Setup
2010-03-13 08:20:06 ----D---- C:\Program Files\Messenger
2010-03-13 08:20:06 ----D---- C:\Program Files\Internet Explorer
2010-03-13 08:20:05 ----RSD---- C:\WINDOWS\Fonts
2010-03-13 08:19:04 ----D---- C:\WINDOWS\security
2010-03-13 08:17:15 ----D---- C:\Program Files\Movie Maker
2010-03-13 08:15:35 ----D---- C:\Program Files\Outlook Express
2010-03-13 08:04:07 ----D---- C:\WINDOWS\WinSxS
2010-03-13 08:04:03 ----D---- C:\Program Files\Windows Media Player
2010-03-13 08:03:50 ----D---- C:\WINDOWS\system32\inetsrv
2010-03-13 08:03:49 ----D---- C:\WINDOWS\ime
2010-03-13 08:03:42 ----D---- C:\WINDOWS\system32\en-US
2010-03-13 08:03:41 ----D---- C:\WINDOWS\system32\usmt
2010-03-13 08:03:40 ----D---- C:\WINDOWS\PeerNet
2010-03-13 08:01:17 ----D---- C:\WINDOWS\ServicePackFiles
2010-03-13 08:01:10 ----D---- C:\WINDOWS\system32\Restore
2010-03-13 08:01:10 ----D---- C:\WINDOWS\system32\npp
2010-03-13 08:01:10 ----D---- C:\WINDOWS\mui
2010-03-13 08:01:09 ----D---- C:\WINDOWS\msagent
2010-03-13 08:01:08 ----D---- C:\WINDOWS\srchasst
2010-03-13 08:01:07 ----D---- C:\Program Files\NetMeeting
2010-03-13 08:01:06 ----D---- C:\WINDOWS\system32\Com
2010-03-13 08:01:04 ----D---- C:\Program Files\Windows NT
2010-03-13 08:01:02 ----D---- C:\Program Files\Common Files\System
2010-03-13 08:00:50 ----D---- C:\WINDOWS\system32\oobe
2010-03-13 08:00:49 ----D---- C:\WINDOWS\system
2010-03-13 07:57:23 ----D---- C:\WINDOWS\ehome
2010-03-12 18:02:38 ----A---- C:\WINDOWS\PEV.exe
2010-03-12 15:25:55 ----D---- C:\Program Files\Cryptic Studios
2010-03-11 16:55:50 ----D---- C:\WINDOWS\Minidump
2010-03-10 00:33:41 ----A---- C:\WINDOWS\system32\shdocvw.dll
2010-03-10 00:33:38 ----A---- C:\WINDOWS\system32\browseui.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-12 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-03-12 29512]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-03-12 242696]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-12-02 149040]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2006-08-11 502272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2006-08-11 499584]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2006-08-11 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2006-08-11 143872]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2006-08-11 78336]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2006-08-11 766976]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2006-08-11 154112]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-11-20 10235968]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2006-08-11 116224]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 reqcftxk;reqcftxk; C:\WINDOWS\system32\drivers\aawyhfwn.sys []
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\Tim\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\Tim\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-11-10 340704]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-01-10 30921]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2006-08-11 180224]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 ICAM3NT5;Intel USB Video Camera III; C:\WINDOWS\System32\Drivers\Icam3.sys [2001-08-17 141056]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 se32;EnTech softEngine; C:\WINDOWS\system32\drivers\se32.sys [2007-05-03 12112]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 XDva005;XDva005; \??\C:\WINDOWS\system32\XDva005.sys []
S3 XDva024;XDva024; \??\C:\WINDOWS\system32\XDva024.sys []
S3 XDva031;XDva031; \??\C:\WINDOWS\system32\XDva031.sys []
S3 XDva064;XDva064; \??\C:\WINDOWS\system32\XDva064.sys []
S3 XDva214;XDva214; \??\C:\WINDOWS\system32\XDva214.sys []
S3 XDva244;XDva244; \??\C:\WINDOWS\system32\XDva244.sys []
S3 XDva321;XDva321; \??\C:\WINDOWS\system32\XDva321.sys []
S3 XDva324;XDva324; \??\C:\WINDOWS\system32\XDva324.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-03-12 916760]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-12 308064]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe [2009-08-05 284016]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-12-09 17904]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-11-20 154216]
R2 PublicPreviewTurbineMessageService;Turbine Message Service - PublicPreview; C:\Program Files\Turbine\Turbine Download Manager - Lamannia\TurbineMessageService.exe [2010-01-05 271856]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-08 167936]
R3 PublicPreviewTurbineNetworkService;Turbine Network Service - PublicPreview; C:\Program Files\Turbine\Turbine Download Manager - Lamannia\TurbineNetworkService.exe [2010-01-05 218608]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe []
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-03-16 2788404]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

This is the info.txt below.

info.txt logfile of random's system information tool 1.06 2010-04-08 13:36:37

======Uninstall list======

-->MsiExec /X{506DDFBE-983F-4BC3-84B8-65F423B2D798}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
12Sky-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4235A9E5-EEFF-42E7-BEC9-9D421DD10ECB}\setup.exe" -l0x9 -removeonly
Ad-Aware SE Professional-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Download Manager 2.2 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Age of Conan - Hyborian Adventures-->"C:\Program Files\Funcom\Age of Conan\unins000.exe"
aiofw-->MsiExec.exe /I{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}
aioprnt-->MsiExec.exe /X{0645A454-AD44-4F0D-99CF-6B762735AD1F}
aioscnnr-->MsiExec.exe /I{074AED0D-DD1C-432A-B38D-F8733604033F}
aioscnnr-->MsiExec.exe /X{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}
Amazing Universe Premium Screen Saver-->"C:\PROGRA~1\Freeze.com\Amazing Universe Premium\UNINSTAL.EXE"
Amazon Kindle For PC v1.0-->C:\Program Files\Amazon\Kindle For PC\uninstall.exe
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Print Creations - Album Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1AlbumPage
ArcSoft Print Creations - Funhouse-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Funhouse
ArcSoft Print Creations - Greeting Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1GreetingCard
ArcSoft Print Creations - Photo Book-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1PhotoBook
ArcSoft Print Creations - Photo Calendar-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Calendar
ArcSoft Print Creations - Scrapbook-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1ScrapBook
ArcSoft Print Creations - Slimline Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Slimline
ArcSoft Print Creations-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Baldur's Gate™ II - Throne of Bhaal ™-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8C3B479-1716-11D5-968A-0050BA84F5F7}\Setup.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CBC Content Pack - Marvel-->MsiExec.exe /I{7A9B6323-3F5E-4A2E-939E-8A1F4F6A0CA8}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
center-->MsiExec.exe /I{56BA241F-580C-43D2-8403-947241AAE633}
Champions Online-->C:\Program Files\Cryptic Studios\Uninstall Champions Online.exe
City of Heroes (remove only)-->"C:\Program Files\City of Heroes\uninstall.exe"
Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
CSI-Hard Evidence Demo-->C:\Program Files\InstallShield Installation Information\{102D822C-1EAE-4B4E-88FE-7B2C66BD8A04}\setup.exe -runfromtemp -l0x0009 -removeonly
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
CyberLink Power2Go-->"C:\Program Files\InstallShield Installation Information\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}\Setup.exe" /z-uninstall
CyberLink Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
DivX 5.0.2 Pro Bundle-->C:\WINDOWS\unvise32.exe C:\Program Files\DivX\uninstal.log
DivX Player-->C:\Program Files\DivX\DivX Player 2.0 Alpha\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DRIV3R-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01DBF423-E27B-45DA-B7F3-F9D4DB39B1C9}\SETUP.EXE" -l0x9
Driver Sweeper 2.1.0-->"C:\Program Files\Phyxion.net\Driver Sweeper\unins000.exe"
Dungeon Siege Legends of Aranna-->"C:\Program Files\Microsoft Games\Dungeon Siege\UNINSTAL.EXE" /runtemp /addremove
Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.09.03.800-->"C:\Program Files\Turbine\DDO Unlimited\unins000.exe"
Dungeons and Dragons Online™ - Lamannia - PublicPreview-->"C:\Program Files\Turbine\Dungeons and Dragons Online - Stormreach - Lamannia\Uninstall.exe" /silent /query ef57af2e-47b7-4e04-8c4b-48fb10fc34f0_is1
Eraser 5.8-->"C:\Program Files\Eraser\unins000.exe"
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
EverQuest: Seeds of Destruction-->"C:\Program Files\Steam\steam.exe" steam://uninstall/24130
EverQuest: The Anniversary Edition-->C:\Program Files\InstallShield Installation Information\{6BB7C3F8-40EC-4ACD-8F7C-78B769B34B08}\setup.exe -runfromtemp -l0x0009 -removeonly
Fraps-->"C:\Fraps\uninstall.exe"
'Full Speed' Internet Booster + Performance Tests-->"C:\WINDOWS\'Full Speed' Internet Booster + Performance Tests\uninstall.exe" "/U:C:\Program Files\'Full Speed' Internet Booster + Performance Tests\Uninstall\uninstall.xml"
Futuremark SystemInfo-->"C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly
GEAR driver installer for x86 and x64-->MsiExec.exe /I{2C9A62F0-D1B3-4E2C-A7D9-24F38FF2A379}
Guild Wars-->"C:\Program Files\Guild Wars\Gw.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}
Hitman Pro 3.5-->"C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB945060-v3)-->"C:\WINDOWS\$NtUninstallKB945060-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Icewind Dale - Heart of Winter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{433BF933-81D6-4646-A318-3DE5DB6108F2}\setup.exe"
Icewind Dale-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{433BF933-81D6-4646-A318-3DE5DB6108F2}\setup.exe"
iTunes-->MsiExec.exe /I{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KODAK AiO Home Center-->C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe /Web /x "{E0F274B7-592B-4669-8FB8-8D9825A09858}" CompanyName="Eastman Kodak Company" /code "1033"
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0001_83aff9a\Setup.exe /APR-REMOVE
ksDIP-->MsiExec.exe /I{10934A28-0CC6-4B98-A14F-76B3546003AF}
LastChaos-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0AF3FEAE-B651-4421-97EF-4808A588B4E5}\Setup.exe" -l0x9
Legends of Norrath-->"C:\Program Files\InstallShield Installation Information\{D7A89413-FB45-4ECE-A893-32DC87F45554}\setup.exe" -runfromtemp -l0x0009 -removeonly
LimeWire PRO 5.3.6-->"E:\Program Files\LimeWire\uninstall.exe"
Living Marine Aquarium 2 Full Screen Saver-->"C:\PROGRA~1\Freeze.com\Living Marine Aquarium 2 Full\UNINSTAL.EXE"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvel Comic Book Creator-->MsiExec.exe /I{54155433-F49C-4FE0-878C-C12D2BDDC1E3}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Antimalware-->MsiExec.exe /X{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Essentials\setup.exe /x
Microsoft Security Essentials-->MsiExec.exe /I{EF98A02A-1748-4762-9B7D-5ED1600520D5}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Monitor Asset Manager-->C:\Program Files\MonInfo\uninstall.exe -s
Mozilla Firefox (3.5.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
My DSC-->C:\Program Files\InstallShield Installation Information\{225af9a1-b556-88d5-94aa-0010b5426419}\setup.exe
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX-->MsiExec.exe /X{506DDFBE-983F-4BC3-84B8-65F423B2D798}
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
Painkiller-->C:\WINDOWS\unvise32.exe C:\Program Files\DreamCatcher\Painkiller\uninstal.log
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
PlayNC Launcher-->C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PoxNora 1.4.7.0-->C:\Program Files\PoxNora\uninstall.exe
PreReq-->MsiExec.exe /I{DA5BDB2A-12F0-4343-8351-21AAEB293990}
PristonTale-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5B4799D-4E8D-4DC6-9C50-060EE5F8AA9C}\Setup.exe" -l0x9
PristonTale2-->"C:\Program Files\KeyToPlay\PristonTale2\uninst.exe"
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F}
Road Runner Install-->"C:\Program Files\HERACTSTG\smartaccess\unins000.exe"
Roxio EasyWrite Reader-->C:\WINDOWS\system32\MRFUNIN.EXE
Sacred 2-->MsiExec.exe /I{1023383E-D9F6-478C-A965-23A4657B3C9A}
Safari-->MsiExec.exe /I{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Shin Megami Tensei: Imagine-->C:\AeriaGames\MegaTen\Uninst.exe
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Star Wars ScreenThemes-->"C:\Program Files\ScreenThemes\uninstall.exe"
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
Station Installer 1.0.3.58-->C:\Program Files\Sony Online Entertainment\uninst.exe
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
System Requirements Lab-->MsiExec.exe /I{9EBDAF91-DADA-47CE-94F2-F5B004007934}
Total Immersion D'Fusion Web Plugin-->"C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\uninstall.exe"
Turbine Download Manager - PublicPreview-->"C:\Program Files\Turbine\Turbine Download Manager - Lamannia\UninstallTDM.exe" /silent /query b35d407a-d5d8-4a2e-91bf-1d95b9f3f590_is1
TwelveSky2-->"C:\Program Files\InstallShield Installation Information\{04634A14-619B-4F53-88B3-2A48FB3A99C6}\setup.exe" -runfromtemp -l0x0009 -removeonly
Ubisoft Game Launcher-->"C:\Program Files\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
Update for Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
Update for Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WebEx-->C:\PROGRA~1\MOZILL~1\plugins\atcliun.exe
Wii Max Media Manager Pro-->"C:\Program Files\Datel\Wii Max Media Manager Pro\unins000.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Wonderland Online 2.0.3-->"C:\Program Files\Wonderland Online\unins000.exe"
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
ZU-ONLINE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D619E865-AE93-4785-BB20-F3072CE4E8C5}\setup.exe" -l0x9 -removeonly

======Security center information======

AV: AVG Anti-Virus Free
AV: Microsoft Security Essentials

======System event log======

Computer Name: TIM-COMPUTER
Event Code: 7000
Message: The reqcftxk service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 23042
Source Name: Service Control Manager
Time Written: 20100304173506.000000-300
Event Type: error
User:

Computer Name: TIM-COMPUTER
Event Code: 7000
Message: The reqcftxk service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 23020
Source Name: Service Control Manager
Time Written: 20100304173010.000000-300
Event Type: error
User:

Computer Name: TIM-COMPUTER
Event Code: 7000
Message: The reqcftxk service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 22991
Source Name: Service Control Manager
Time Written: 20100304110017.000000-300
Event Type: error
User:

Computer Name: TIM-COMPUTER
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 22986
Source Name: W32Time
Time Written: 20100304045332.000000-300
Event Type: warning
User:

Computer Name: TIM-COMPUTER
Event Code: 8
Message: Printer KODAK ESP-3 AiO was purged.

Record Number: 22984
Source Name: Print
Time Written: 20100303152803.000000-300
Event Type: warning
User: TIM-COMPUTER\Tim

=====Application event log=====

Computer Name: TIM-COMPUTER
Event Code: 1002
Message: Hanging application explorer.exe, version 6.0.2900.3156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 6698
Source Name: Application Hang
Time Written: 20100304172616.000000-300
Event Type: error
User:

Computer Name: TIM-COMPUTER
Event Code: 1000
Message: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Record Number: 6697
Source Name: Application Error
Time Written: 20100304172511.000000-300
Event Type: error
User:

Computer Name: TIM-COMPUTER
Event Code: 1000
Message: Faulting application turbinenetworkservice.exe, version 1.5.3621.31805, stamp 4b144b25, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x051f11fc.

Record Number: 6679
Source Name: .NET Runtime 2.0 Error Reporting
Time Written: 20100303022252.000000-300
Event Type: error
User:

Computer Name: TIM-COMPUTER
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.


Record Number: 6625
Source Name: crypt32
Time Written: 20100225092612.000000-300
Event Type: error
User:

Computer Name: TIM-COMPUTER
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


Record Number: 6624
Source Name: crypt32
Time Written: 20100225092611.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Ubisoft\Ubisoft Game Launcher\dlls
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"MOZ_PLUGIN_PATH"=C:\Program Files\Total Immersion\DFusionHomeWebPlugIn
"KDS_LANGUAGE"=13
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------





Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3967

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

4/8/2010 6:25:16 AM
mbam-log-2010-04-08 (06-25-16).txt

Scan type: Full scan (C:\|)
Objects scanned: 344839
Time elapsed: 6 hour(s), 25 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:48 AM

Posted 09 April 2010 - 06:34 AM

Hi bulldzr,

I see that you have been running combofix, please post the log it produced located at C:\ComboFix.txt



#5 bulldzr

bulldzr
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:03:48 AM

Posted 09 April 2010 - 07:42 AM

combofix did its removal of something in normal mode and nothing in safe mode.. well that means i am going to zip file it for you cause it is too big to put as normal txt attachment.... so here it is.






#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:48 AM

Posted 09 April 2010 - 07:55 AM

Can you tell me how the computer is running and what problems you are currently having?

  • Go to Start >> Run
  • Copy and paste the following command line into the Run box, then click OK.
cmd /c mbr -t& start mbr.log
  • A file called mbr.log will pop up please post the contents in your reply.



#7 bulldzr

bulldzr
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:03:48 AM

Posted 09 April 2010 - 08:17 AM

well everything i click on like internet explorer & firefox or other programs like games, anti virus software, etc. takes so long to come up on screen to do things with. plus it takes a long time to shutdown, roughly 5 minutes or so..... just about every time i turn the computer off in windows it just sits there in hang while saying windows shutting down (blue screen window xp), sometimes it does not even get there to the windows xp shutting down screen. it just sits there and does nothing. so then i repeat it and go to the start button click turn off computer again, waited and nothing happened so i end up pushing the pc power button for 5 seconds to let it shutdown. that has happened a couple of times that i had to do that... used to shutdown real fast but now it is not.





Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys videX32.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x098A7FEC
malicious code @ sector 0x098A7FEF !
PE file found in sector at 0x098A8005 !

Edited by bulldzr, 09 April 2010 - 10:04 AM.
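As an added example (not code from the thread, from Gmer or from BleepingComputer), a parser for the mbr.log format posted above that turns it into a verdict a responder can act on. The infected sample is the log from the post; the clean sample is constructed in the same layout. The point it makes is that "user & kernel MBR OK" only says the user-mode and kernel-mode reads of sector 0 agree; the lines that follow it (saved MBR copy, malicious code, PE file in later sectors) are what carry the finding.

```python
"""Parse Gmer mbr.exe ("Stealth MBR rootkit/Mebroot/Sinowal detector") output.

Added example, not part of the thread or of Gmer's tooling. The line prefixes
matched below are taken from the log posted in the thread.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Log text as posted in the thread (post #7).
SAMPLE_LOG = """Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys videX32.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x098A7FEC
malicious code @ sector 0x098A7FEF !
PE file found in sector at 0x098A8005 !
"""

# Constructed sample in the same layout: a machine where nothing was flagged.
CLEAN_LOG = """Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""

# Matches "sector 0x098A7FEC" and "sector at 0x098A8005".
SECTOR_RE = re.compile(r"sector(?: at)?\s+(0x[0-9A-Fa-f]+)")


@dataclass
class MbrReport:
    tool_banner: str = ""
    device_opened: bool = False
    user_mbr_read: bool = False
    kernel_mbr_read: bool = False
    user_kernel_match: bool = False            # "user & kernel MBR OK"
    called_modules: List[str] = field(default_factory=list)
    mbr_copy_sectors: List[int] = field(default_factory=list)
    malicious_code_sectors: List[int] = field(default_factory=list)
    pe_file_sectors: List[int] = field(default_factory=list)

    def verdict(self) -> str:
        """Collapse the findings into one of: incomplete, infected, suspicious, clean."""
        if not (self.device_opened and self.user_mbr_read and self.kernel_mbr_read):
            return "incomplete"        # the tool could not read both views of sector 0
        if self.malicious_code_sectors or self.pe_file_sectors:
            return "infected"          # code flagged outside the live MBR
        if self.mbr_copy_sectors or not self.user_kernel_match:
            return "suspicious"        # a stashed MBR copy, or the two reads disagree
        return "clean"


def _sector(line: str) -> int:
    m = SECTOR_RE.search(line)
    if not m:
        raise ValueError(f"no sector number in line: {line!r}")
    return int(m.group(1), 16)


def parse_mbr_log(text: str) -> MbrReport:
    """Read the log line by line; each known prefix fills one field of the report."""
    r = MbrReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Stealth MBR rootkit"):
            r.tool_banner = line
        elif line.startswith("device:"):
            r.device_opened = "opened successfully" in line
        elif line.startswith("user:"):
            r.user_mbr_read = "read successfully" in line
        elif line.startswith("kernel:"):
            r.kernel_mbr_read = "read successfully" in line
        elif line.startswith("called modules:"):
            r.called_modules = line.split(":", 1)[1].split()
        elif line.startswith("user & kernel MBR OK"):
            r.user_kernel_match = True
        elif line.startswith("copy of MBR has been found in sector"):
            r.mbr_copy_sectors.append(_sector(line))
        elif line.startswith("malicious code @ sector"):
            r.malicious_code_sectors.append(_sector(line))
        elif line.startswith("PE file found in sector"):
            r.pe_file_sectors.append(_sector(line))
    return r


if __name__ == "__main__":
    for name, log in (("thread log", SAMPLE_LOG), ("clean sample", CLEAN_LOG)):
        rep = parse_mbr_log(log)
        print(f"{name}: {rep.verdict()}")
        for label, sectors in (("MBR copy", rep.mbr_copy_sectors),
                               ("malicious code", rep.malicious_code_sectors),
                               ("PE file", rep.pe_file_sectors)):
            for s in sectors:
                print(f"  {label} at sector 0x{s:08X}")
```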


#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:48 AM

Posted 09 April 2010 - 11:27 AM

Please delete any copy of combofix you have then follow these instructions to run it again.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



TFC(Temp File Cleaner):
  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.



#9 bulldzr

bulldzr
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:03:48 AM

Posted 09 April 2010 - 08:07 PM

ComboFix 10-04-08.06 - Tim 04/09/2010 20:44:30.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.857 [GMT -4:00]
Running from: c:\documents and settings\Tim\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((( Files Created from 2010-03-10 to 2010-04-10 )))))))))))))))))))))))))))))))
.

2010-04-09 12:28 . 2010-04-09 12:28 100108 ----a-w- C:\ComboFix.zip
2010-04-08 17:35 . 2010-04-08 17:36 -------- d-----w- c:\program files\trend micro
2010-04-08 17:35 . 2010-04-08 17:36 -------- d-----w- C:\rsit
2010-04-08 13:00 . 2010-04-08 13:00 4255072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-04-03 05:11 . 2010-04-03 05:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-04-02 00:31 . 2010-04-02 00:31 388096 ----a-r- c:\documents and settings\Tim\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-01 13:22 . 2010-04-01 13:22 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-04-01 13:22 . 2010-04-01 13:22 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-04-01 13:22 . 2010-04-01 13:22 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-04-01 13:22 . 2010-04-01 13:22 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
2010-04-01 13:22 . 2010-04-01 13:22 341272 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxch32.dll
2010-04-01 13:22 . 2010-04-01 13:22 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
2010-04-01 13:22 . 2010-04-01 13:22 1598744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-04-01 13:22 . 2010-04-01 13:22 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2010-04-01 13:22 . 2010-04-01 13:22 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-04-01 13:22 . 2010-04-01 13:22 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2010-04-01 13:22 . 2010-04-01 13:22 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-04-01 13:22 . 2010-04-01 13:22 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
2010-04-01 13:20 . 2010-04-01 13:20 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-01 13:20 . 2010-04-01 13:20 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-03-30 19:45 . 2010-02-24 14:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-30 19:41 . 2010-03-30 19:41 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-30 01:36 . 2010-03-30 01:36 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-03-27 22:03 . 2010-03-30 02:00 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-03-27 22:00 . 2010-03-27 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-03-27 22:00 . 2010-03-27 22:00 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-03-27 12:08 . 2010-03-27 12:08 -------- d-----w- c:\program files\TrendMicro
2010-03-22 08:20 . 2010-04-08 17:26 -------- d-----w- c:\program files\Steam
2010-03-13 12:03 . 2010-03-13 12:03 -------- d-----w- c:\windows\system32\scripting
2010-03-13 12:03 . 2010-03-13 12:03 -------- d-----w- c:\windows\l2schemas
2010-03-13 12:03 . 2010-03-13 12:03 -------- d-----w- c:\windows\system32\en
2010-03-13 12:03 . 2010-03-13 12:03 -------- d-----w- c:\windows\system32\bits
2010-03-12 14:02 . 2010-03-12 14:02 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-12 14:02 . 2010-03-12 14:02 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-12 14:02 . 2010-03-12 14:02 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-12 14:02 . 2010-03-12 14:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-12 11:02 . 2010-03-12 11:02 -------- d-----w- c:\documents and settings\Tim\Local Settings\Application Data\Amazon
2010-03-12 11:02 . 2010-03-12 11:02 -------- d-----w- c:\documents and settings\Tim\Application Data\Amazon
2010-03-12 11:02 . 2010-03-12 11:02 -------- d-----w- c:\program files\Amazon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 00:48 . 2009-05-17 19:50 -------- d-----w- c:\documents and settings\Tim\Application Data\DNA
2010-04-08 17:25 . 2009-05-17 19:50 -------- d-----w- c:\program files\DNA
2010-04-08 17:24 . 2009-01-22 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-04-08 17:24 . 2009-02-05 23:17 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-04-08 16:05 . 2009-05-24 21:37 -------- d-----w- c:\program files\CCleaner
2010-04-08 00:27 . 2010-01-15 00:02 117760 ----a-w- c:\documents and settings\Tim\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-04 00:10 . 2010-01-15 00:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-03 23:26 . 2009-05-26 19:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-29 22:22 . 2009-05-26 19:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 22:21 . 2009-05-29 14:32 5918720 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-29 19:24 . 2009-05-26 19:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 19:24 . 2009-05-26 19:44 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-26 12:22 . 2009-05-26 19:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-25 02:20 . 2007-05-19 20:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-24 02:40 . 2009-09-14 13:07 -------- d-----w- c:\program files\Defraggler
2010-03-22 14:11 . 2009-08-05 19:00 -------- d-----w- c:\program files\Turbine
2010-03-21 08:56 . 2007-11-23 02:12 37528 ----a-w- c:\documents and settings\Tim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-13 12:05 . 2007-05-19 19:47 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-12 19:25 . 2009-12-31 11:53 -------- d-----w- c:\program files\Cryptic Studios
2010-03-12 14:02 . 2009-11-03 14:32 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-12 14:02 . 2009-11-03 14:32 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-12 14:02 . 2009-11-03 14:32 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-08 20:02 . 2010-03-08 20:02 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-08 20:02 . 2010-03-08 20:02 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-08 20:02 . 2010-03-08 20:02 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-08 20:02 . 2010-03-08 20:02 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-08 20:02 . 2010-03-08 20:02 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-08 20:02 . 2010-03-08 20:02 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-08 20:02 . 2010-03-08 20:02 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-08 20:02 . 2010-03-08 20:02 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-08 20:01 . 2007-07-27 23:53 -------- d-----w- c:\program files\Common Files\Real
2010-03-08 20:01 . 2007-07-27 23:53 -------- d-----w- c:\program files\Real
2010-03-08 20:01 . 2010-03-08 20:01 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-07 20:55 . 2007-08-02 23:49 -------- d-----w- c:\program files\City of Heroes
2010-03-06 05:36 . 2010-03-06 04:43 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-06 04:37 . 2010-03-06 04:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM
2010-03-06 04:34 . 2010-03-06 04:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-06 04:34 . 2010-03-06 04:34 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-03-06 04:34 . 2010-03-06 04:34 290816 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-03-06 04:34 . 2010-03-06 04:34 290816 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-03-06 04:34 . 2010-03-06 04:34 290816 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-03-06 04:34 . 2010-03-06 04:34 290816 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2010-03-06 04:34 . 2010-03-06 04:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab
2010-03-06 03:05 . 2007-05-19 15:26 98304 ----a-w- c:\windows\DUMP5236.tmp
2010-02-27 20:26 . 2009-06-04 22:13 -------- d-----w- c:\documents and settings\Tim\Application Data\Move Networks
2010-02-26 05:43 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 04:48 . 2009-06-14 23:11 -------- d-----w- c:\documents and settings\Tim\Application Data\Temp
2010-02-21 01:11 . 2010-02-21 01:11 143976 ----a-w- c:\documents and settings\Tim\Application Data\Move Networks\uninstall.exe
2010-02-21 01:11 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\Tim\Application Data\Move Networks\plugins\npqmp071701000002.dll
2010-02-21 01:11 . 2010-02-21 01:11 1794456 ----a-w- c:\documents and settings\Tim\Application Data\Move Networks\MoveMediaPlayerWin_071701000002.exe
2010-02-07 17:13 . 2010-02-07 17:13 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-02-04 19:03 . 2010-02-04 19:03 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-03 03:32 . 2010-02-03 03:33 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}\PostBuild.exe
2010-01-30 16:46 . 2010-01-30 16:46 290816 ----a-w- c:\documents and settings\Tim\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-01-30 16:46 . 2010-01-30 16:46 290816 ----a-w- c:\documents and settings\Tim\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-01-30 16:46 . 2010-01-30 16:46 290816 ----a-w- c:\documents and settings\Tim\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-01-30 16:46 . 2010-01-30 16:46 290816 ----a-w- c:\documents and settings\Tim\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2010-01-22 23:49 . 2010-02-25 16:58 70984 ----a-w- c:\documents and settings\HelpAssistant\g2mdlhlpx.exe
2010-01-22 23:49 . 2010-01-22 23:49 70984 ----a-w- c:\documents and settings\Tim\g2mdlhlpx.exe
2010-01-19 02:58 . 2009-09-08 14:01 31064 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-15 00:02 . 2010-01-15 00:02 52224 ----a-w- c:\documents and settings\Tim\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-12 17:03 . 2010-01-12 17:03 182888 ----a-w- c:\windows\system32\nvcod.dll
2009-07-16 16:34 . 2009-07-16 16:34 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-07-16 16:34 . 2009-07-16 16:34 125848 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-07-16 16:34 . 2009-07-16 16:35 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-03-29_19.58.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-08 17:24 . 2010-04-08 17:24 16384 c:\windows\temp\Perflib_Perfdata_1d0.dat
- 2007-05-20 02:19 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2007-05-20 02:19 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2004-08-04 12:00 . 2010-02-26 05:43 81920 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-04 12:00 . 2009-12-22 05:20 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-04 12:00 . 2010-02-26 05:43 627712 c:\windows\system32\urlmon.dll
- 2004-08-04 12:00 . 2009-12-22 05:21 627712 c:\windows\system32\urlmon.dll
- 2004-08-04 12:00 . 2008-04-14 00:11 251904 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2010-02-26 05:43 251904 c:\windows\system32\iepeers.dll
+ 2009-12-02 19:23 . 2009-12-02 19:23 149040 c:\windows\system32\drivers\MpFilter.sys
+ 2008-04-21 06:44 . 2010-02-26 05:43 667136 c:\windows\system32\dllcache\wininet.dll
- 2008-04-21 06:44 . 2009-12-22 05:21 667136 c:\windows\system32\dllcache\wininet.dll
- 2008-06-26 08:15 . 2009-12-22 05:21 627712 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-26 08:15 . 2010-02-26 05:43 627712 c:\windows\system32\dllcache\urlmon.dll
+ 2010-02-26 05:43 . 2010-02-26 05:43 251904 c:\windows\system32\dllcache\iepeers.dll
+ 2010-03-30 19:41 . 2010-03-30 19:41 272384 c:\windows\Installer\a74c9.msi
+ 2010-03-30 19:41 . 2010-03-30 19:41 254976 c:\windows\Installer\a74c3.msi
+ 2010-03-30 19:41 . 2010-03-30 19:41 301056 c:\windows\Installer\a74bd.msi
- 2004-08-04 12:00 . 2009-12-22 05:21 1509888 c:\windows\system32\shdocvw.dll
+ 2004-08-04 12:00 . 2010-03-10 04:33 1509888 c:\windows\system32\shdocvw.dll
+ 2004-08-04 12:00 . 2010-02-26 05:43 3073024 c:\windows\system32\mshtml.dll
+ 2008-06-26 08:15 . 2010-03-10 04:33 1509888 c:\windows\system32\dllcache\shdocvw.dll
- 2008-06-26 08:15 . 2009-12-22 05:21 1509888 c:\windows\system32\dllcache\shdocvw.dll
+ 2008-04-21 06:44 . 2010-02-26 05:43 3073024 c:\windows\system32\dllcache\mshtml.dll
+ 2010-03-10 04:33 . 2010-03-10 04:33 1025024 c:\windows\system32\dllcache\browseui.dll
- 2004-08-04 12:00 . 2008-04-14 00:11 1025024 c:\windows\system32\browseui.dll
+ 2004-08-04 12:00 . 2010-03-10 04:33 1025024 c:\windows\system32\browseui.dll
+ 2010-04-02 00:31 . 2010-04-02 00:31 1093632 c:\windows\Installer\6d8e20c.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Tim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-07 323392]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-04 2012912]
"Steam"="c:\program files\Steam\Steam.exe" [2010-03-22 1217872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-08-03 1626112]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-08 202256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-07-19 439568]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-12 14:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Tim^Start Menu^Programs^Startup^ScreenThemes.lnk]
path=c:\documents and settings\Tim\Start Menu\Programs\Startup\ScreenThemes.lnk
backup=c:\windows\pss\ScreenThemes.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 19:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2006-08-11 18:56 17920 ----a-w- c:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2006-08-11 18:56 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 00:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
2009-07-08 23:02 2684200 ------w- c:\program files\CyberLink\Power2Go\Power2GoExpress.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\Tim\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Wonderland Online\\main.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\ONWIND\\ZU-ONLINE\\ZuOnline.exe"=
"c:\\Program Files\\ONWIND\\ZU-ONLINE\\BT_Update.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\AeriaGames\\12Sky\\TwelveSky.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"e:\\Program Files\\StarWarsGalaxies\\SwgClient_r.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Monte Cristo\\Cities XL\\cds\\CitiesXL_http.exe"=
"c:\\Program Files\\'Full Speed' Internet Booster + Performance Tests\\FullSpeed.exe"=
"c:\\Program Files\\Turbine\\Dungeons and Dragons Online - Stormreach - Lamannia\\dndclient.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"=
"c:\\Program Files\\Sony\\EverQuest\\EQVoiceService.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\cdv Software Entertainment USA\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"c:\\Program Files\\cdv Software Entertainment USA\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\dlls\\ubiorbitapi_r1.dll"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager - Lamannia\\TurbineMessageService.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager - Lamannia\\TurbineNetworkService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"9323:TCP"= 9323:TCP:EKDiscovery
"56152:TCP"= 56152:TCP:Pando Media Booster
"56152:UDP"= 56152:UDP:Pando Media Booster
"9322:TCP"= 9322:TCP:EKDiscovery
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"6288:TCP"= 6288:TCP:Services
"8452:TCP"= 8452:TCP:Services
"4976:TCP"= 4976:TCP:Services
"8616:TCP"= 8616:TCP:Services
"8617:TCP"= 8617:TCP:Services
"4742:TCP"= 4742:TCP:Services
"7984:TCP"= 7984:TCP:Services
"4789:TCP"= 4789:TCP:Services
"8078:TCP"= 8078:TCP:Services
"5210:TCP"= 5210:TCP:Services
"8920:TCP"= 8920:TCP:Services

R0 MrFilter;EasyWrite Driver;c:\windows\system32\drivers\MRFilter.sys [9/21/2009 8:19 AM 12096]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/3/2009 10:32 AM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/3/2009 10:32 AM 242696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 8:56 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56 AM 66632]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/12/2010 10:02 AM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/12/2010 10:02 AM 308064]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [8/5/2009 1:49 PM 284016]
R2 PublicPreviewTurbineMessageService;Turbine Message Service - PublicPreview;c:\program files\Turbine\Turbine Download Manager - Lamannia\TurbineMessageService.exe [8/5/2009 3:00 PM 271856]
R3 PublicPreviewTurbineNetworkService;Turbine Network Service - PublicPreview;c:\program files\Turbine\Turbine Download Manager - Lamannia\TurbineNetworkService.exe [8/5/2009 3:00 PM 218608]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56 AM 12872]
S2 reqcftxk;reqcftxk;c:\windows\system32\drivers\aawyhfwn.sys --> c:\windows\system32\drivers\aawyhfwn.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\Tim\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Tim\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [5/3/2007 12:19 PM 12112]
S3 XDva005;XDva005;\??\c:\windows\system32\XDva005.sys --> c:\windows\system32\XDva005.sys [?]
S3 XDva024;XDva024;\??\c:\windows\system32\XDva024.sys --> c:\windows\system32\XDva024.sys [?]
S3 XDva031;XDva031;\??\c:\windows\system32\XDva031.sys --> c:\windows\system32\XDva031.sys [?]
S3 XDva064;XDva064;\??\c:\windows\system32\XDva064.sys --> c:\windows\system32\XDva064.sys [?]
S3 XDva214;XDva214;\??\c:\windows\system32\XDva214.sys --> c:\windows\system32\XDva214.sys [?]
S3 XDva244;XDva244;\??\c:\windows\system32\XDva244.sys --> c:\windows\system32\XDva244.sys [?]
S3 XDva321;XDva321;\??\c:\windows\system32\XDva321.sys --> c:\windows\system32\XDva321.sys [?]
S3 XDva324;XDva324;\??\c:\windows\system32\XDva324.sys --> c:\windows\system32\XDva324.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-2111687655-839522115-1003Core.job
- c:\documents and settings\Tim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 01:00]

2010-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-2111687655-839522115-1003UA.job
- c:\documents and settings\Tim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 01:00]

2010-04-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]

2010-04-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-2111687655-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-04-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-2111687655-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.marketamerica.com/timlandry
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\documents and settings\Tim\Application Data\Mozilla\Firefox\Profiles\mgvioudk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.marketamerica.com/timlandry
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Tim\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Tim\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-09 20:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1004336348-2111687655-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1004336348-2111687655-839522115-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-1004336348-2111687655-839522115-1003)
@Allowed: (Read) (S-1-5-21-1004336348-2111687655-839522115-1003)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1004336348-2111687655-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:35,24,e9,70,dc,26,0d,51,b5,9b,01,90,76,a0,88,33,50,80,ac,a1,f0,
21,62,4f,5c,97,95,83,89,a5,97,92,b7,e3,74,ea,bb,8e,f2,53,3e,e0,ef,9d,10,4c,\
"rkeysecu"=hex:39,8e,b4,03,43,b1,cb,7f,cd,57,48,f4,e3,f0,30,67

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2010-04-09 20:55:56
ComboFix-quarantined-files.txt 2010-04-10 00:55
ComboFix2.txt 2010-03-29 20:01
ComboFix3.txt 2010-03-27 16:41
ComboFix4.txt 2009-05-29 14:14

Pre-Run: 146,579,116,032 bytes free
Post-Run: 146,574,643,200 bytes free

- - End Of File - - BC4B825F70BCD65E828008E64559D30B


#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:48 AM

Posted 10 April 2010 - 08:51 AM

I don't see much wrong there except for you having two AVs, and, as I pointed out in my first post, this is not a good idea, so
once again I suggest you uninstall one of them.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-
"2479:TCP"=-
"6288:TCP"=-
"8452:TCP"=-
"4976:TCP"=-
"8616:TCP"=-
"8617:TCP"=-
"4742:TCP"=-
"7984:TCP"=-
"4789:TCP"=-
"8078:TCP"=-
"5210:TCP"=-
"8920:TCP"=-
Driver::
reqcftxk
cpuz130
XDva005
XDva024
XDva031
XDva064
XDva214
XDva244
XDva321
XDva324
RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
RegNull::
[HKEY_USERS\S-1-5-21-1004336348-2111687655-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
[HKEY_USERS\S-1-5-21-1004336348-2111687655-839522115-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 19 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u19-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the button.
  • Check
  • Click the button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push


Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • Combofix.txt
  • ESET report

Thanks


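The CFScript above is built from specific indicators in the posted log: services whose image file no longer exists (the `[?]` suffix on the `S2 reqcftxk` and `S3 XDva…` lines), a driver loaded from a Temp folder, and a batch of firewall exceptions that carry only the bare label "Services". The following script is an added example, not part of this thread or of ComboFix itself; it scans ComboFix-style log lines for those indicators and renders them as the `Registry::` and `Driver::` stanzas in the format the responder used. The sample log text is constructed (it copies the line shapes from the log above), and the flagging rules (missing image file, Temp path, "Services" label, RDP port 3389) are assumptions chosen to match what the responder removed, not an exhaustive detection set.

```python
"""Triage ComboFix log lines for the indicators a malware responder acts on
and turn them into CFScript stanzas (added example; not ComboFix's own code).

Heuristics are assumptions: a service whose file is missing ("[?]"), a driver
loaded from a Temp folder, and firewall exceptions labelled just "Services"
or opening RDP (3389)."""
import re

# Constructed sample input in the format ComboFix writes. The entries mirror
# lines from the log posted above.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"9323:TCP"= 9323:TCP:EKDiscovery
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/3/2009 10:32 AM 216200]
S2 reqcftxk;reqcftxk;c:\windows\system32\drivers\aawyhfwn.sys --> c:\windows\system32\drivers\aawyhfwn.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\Tim\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Tim\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [5/3/2007 12:19 PM 12112]
"""

# "3389:TCP"= 3389:TCP:Remote Desktop  ->  port, protocol, label
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\1:\2:(.*)$')
# R1 name;display name;image path [details]  ->  start type, name, display, rest
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*)$')
OPEN_PORTS_KEY = r'firewallpolicy\standardprofile\GloballyOpenPorts\List'


def triage(log_text):
    """Return {'ports': [(port, proto, label), ...], 'services': [name, ...]}
    containing only the entries the heuristics flag."""
    flagged_ports, flagged_services = [], []
    in_open_ports = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            # A blank line ends the port list; service lines follow it.
            in_open_ports = False
            continue
        if line.startswith('['):
            # Registry section header: remember whether we are inside the
            # GloballyOpenPorts list so port lines are read in context.
            in_open_ports = OPEN_PORTS_KEY.lower() in line.lower()
            continue
        if in_open_ports:
            m = PORT_RE.match(line)
            if m:
                port, proto, label = int(m.group(1)), m.group(2), m.group(3).strip()
                if label == 'Services' or port == 3389:
                    flagged_ports.append((port, proto, label))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, rest = m.group(2), m.group(4)
            # "[?]" means ComboFix could not find the image file; a driver
            # under a Temp folder is not a normal install location either.
            if rest.endswith('[?]') or '\\temp\\' in rest.lower():
                flagged_services.append(name)
    return {'ports': flagged_ports, 'services': flagged_services}


def build_cfscript(findings):
    """Render flagged entries as the Registry:: and Driver:: stanzas that
    CFScript.txt accepts; the '=-' form tells ComboFix to delete a value."""
    lines = []
    if findings['ports']:
        lines.append('Registry::')
        lines.append('[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy'
                     '\\standardprofile\\GloballyOpenPorts\\List]')
        for port, proto, _label in findings['ports']:
            lines.append('"%d:%s"=-' % (port, proto))
    if findings['services']:
        lines.append('Driver::')
        lines.extend(findings['services'])
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    found = triage(SAMPLE_LOG)
    for port, proto, label in found['ports']:
        print('open port  %5d/%s  label=%r' % (port, proto, label))
    for name in found['services']:
        print('service    %s  (image file missing or loaded from Temp)' % name)
    print(build_cfscript(found))
```

Run against the full log rather than the sample, the port rule would also keep legitimate entries such as the Kodak EKDiscovery ports out of the script, because they carry a descriptive label; the output is meant as a starting point for the responder to review, not a script to run unread.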

#11 bulldzr

bulldzr
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:03:48 AM

Posted 11 April 2010 - 07:37 PM

OK, here is my ComboFix log. Tonight I am going to let ESET do a scan in safe mode and see if it finds anything. Do you want me to check or uncheck the option to have it try to remove what it finds too, with archiving checked? Because that is what I am going to do tonight in safe mode. Oh yeah, I tried to log into eBay in IE or Firefox and still can not, because you told me to put all that info into ComboFix and it did not do anything other than make things run a little smoother. Just wanted to give you the heads up. Oh yeah, I will turn off my AVG too while ESET does its scan in safe mode.







ComboFix 10-04-09.06 - Tim 04/10/2010 10:50:09.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.975 [GMT -4:00]
Running from: c:\documents and settings\Tim\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tim\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CPUZ130
-------\Legacy_REQCFTXK
-------\Legacy_XDVA005
-------\Legacy_XDVA024
-------\Legacy_XDVA031
-------\Legacy_XDVA064
-------\Legacy_XDVA214
-------\Legacy_XDVA244
-------\Legacy_XDVA321
-------\Legacy_XDVA324
-------\Service_cpuz130
-------\Service_reqcftxk
-------\Service_XDva005
-------\Service_XDva024
-------\Service_XDva031
-------\Service_XDva064
-------\Service_XDva214
-------\Service_XDva244
-------\Service_XDva321
-------\Service_XDva324


((((((((((((((((((((((((( Files Created from 2010-03-10 to 2010-04-10 )))))))))))))))))))))))))))))))
.

2010-04-10 14:42 . 2010-04-10 14:42 -------- d-----w- c:\program files\Common Files\Java
2010-04-09 12:28 . 2010-04-09 12:28 100108 ----a-w- C:\ComboFix.zip
2010-04-08 17:35 . 2010-04-08 17:36 -------- d-----w- c:\program files\trend micro
2010-04-08 17:35 . 2010-04-08 17:36 -------- d-----w- C:\rsit
2010-04-03 05:11 . 2010-04-03 05:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-03-30 19:45 . 2010-02-24 14:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-30 01:36 . 2010-03-30 01:36 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-03-27 22:03 . 2010-03-30 02:00 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-03-27 22:00 . 2010-03-27 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-03-27 22:00 . 2010-03-27 22:00 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-03-27 12:08 . 2010-03-27 12:08 -------- d-----w- c:\program files\TrendMicro
2010-03-22 08:20 . 2010-04-10 15:01 -------- d-----w- c:\program files\Steam
2010-03-13 12:03 . 2010-03-13 12:03 -------- d-----w- c:\windows\system32\scripting
2010-03-13 12:03 . 2010-03-13 12:03 -------- d-----w- c:\windows\l2schemas
2010-03-13 12:03 . 2010-03-13 12:03 -------- d-----w- c:\windows\system32\en
2010-03-13 12:03 . 2010-03-13 12:03 -------- d-----w- c:\windows\system32\bits
2010-03-12 14:02 . 2010-03-12 14:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-12 11:02 . 2010-03-12 11:02 -------- d-----w- c:\documents and settings\Tim\Local Settings\Application Data\Amazon
2010-03-12 11:02 . 2010-03-12 11:02 -------- d-----w- c:\documents and settings\Tim\Application Data\Amazon
2010-03-12 11:02 . 2010-03-12 11:02 -------- d-----w- c:\program files\Amazon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 15:00 . 2009-05-17 19:50 -------- d-----w- c:\program files\DNA
2010-04-10 15:00 . 2009-05-17 19:50 -------- d-----w- c:\documents and settings\Tim\Application Data\DNA
2010-04-10 14:59 . 2009-01-22 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-04-10 14:59 . 2009-02-05 23:17 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-04-10 14:40 . 2008-11-23 09:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-10 14:34 . 2010-01-15 00:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-10 14:23 . 2010-04-10 14:23 61440 ----a-w- c:\documents and settings\Tim\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-58064748-n\decora-sse.dll
2010-04-10 14:23 . 2010-04-10 14:23 503808 ----a-w- c:\documents and settings\Tim\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-19446897-n\msvcp71.dll
2010-04-10 14:23 . 2010-04-10 14:23 499712 ----a-w- c:\documents and settings\Tim\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-19446897-n\jmc.dll
2010-04-10 14:23 . 2010-04-10 14:23 348160 ----a-w- c:\documents and settings\Tim\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-19446897-n\msvcr71.dll
2010-04-10 14:23 . 2010-04-10 14:23 12800 ----a-w- c:\documents and settings\Tim\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-58064748-n\decora-d3d.dll
2010-04-10 14:19 . 2007-05-20 01:31 -------- d-----w- c:\program files\Java
2010-04-10 02:16 . 2010-01-15 00:02 117760 ----a-w- c:\documents and settings\Tim\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-08 16:05 . 2009-05-24 21:37 -------- d-----w- c:\program files\CCleaner
2010-04-08 13:00 . 2010-04-08 13:00 4255072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-04-03 23:26 . 2009-05-26 19:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-02 00:31 . 2010-04-02 00:31 388096 ----a-r- c:\documents and settings\Tim\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-01 13:22 . 2010-04-01 13:22 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-04-01 13:22 . 2010-04-01 13:22 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-04-01 13:22 . 2010-04-01 13:22 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-04-01 13:22 . 2010-04-01 13:22 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
2010-04-01 13:22 . 2010-04-01 13:22 341272 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxch32.dll
2010-04-01 13:22 . 2010-04-01 13:22 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
2010-04-01 13:22 . 2010-04-01 13:22 1598744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-04-01 13:22 . 2010-04-01 13:22 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2010-04-01 13:22 . 2010-04-01 13:22 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-04-01 13:22 . 2010-04-01 13:22 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2010-04-01 13:22 . 2010-04-01 13:22 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-04-01 13:22 . 2010-04-01 13:22 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
2010-04-01 13:20 . 2010-04-01 13:20 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-01 13:20 . 2010-04-01 13:20 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-03-29 22:22 . 2009-05-26 19:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 22:21 . 2009-05-29 14:32 5918720 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-29 19:24 . 2009-05-26 19:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 19:24 . 2009-05-26 19:44 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-26 12:22 . 2009-05-26 19:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-25 02:20 . 2007-05-19 20:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-24 02:40 . 2009-09-14 13:07 -------- d-----w- c:\program files\Defraggler
2010-03-22 14:11 . 2009-08-05 19:00 -------- d-----w- c:\program files\Turbine
2010-03-21 08:56 . 2007-11-23 02:12 37528 ----a-w- c:\documents and settings\Tim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-13 12:05 . 2007-05-19 19:47 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-12 19:25 . 2009-12-31 11:53 -------- d-----w- c:\program files\Cryptic Studios
2010-03-12 14:02 . 2010-03-12 14:02 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-12 14:02 . 2010-03-12 14:02 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-12 14:02 . 2010-03-12 14:02 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-12 14:02 . 2009-11-03 14:32 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-12 14:02 . 2009-11-03 14:32 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-12 14:02 . 2009-11-03 14:32 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-08 20:02 . 2010-03-08 20:02 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-08 20:02 . 2010-03-08 20:02 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-08 20:02 . 2010-03-08 20:02 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-08 20:02 . 2010-03-08 20:02 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-08 20:02 . 2010-03-08 20:02 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-08 20:02 . 2010-03-08 20:02 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-08 20:02 . 2010-03-08 20:02 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-08 20:02 . 2010-03-08 20:02 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-08 20:01 . 2007-07-27 23:53 -------- d-----w- c:\program files\Common Files\Real
2010-03-08 20:01 . 2007-07-27 23:53 -------- d-----w- c:\program files\Real
2010-03-08 20:01 . 2010-03-08 20:01 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-07 20:55 . 2007-08-02 23:49 -------- d-----w- c:\program files\City of Heroes
2010-03-06 05:36 . 2010-03-06 04:43 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-06 04:37 . 2010-03-06 04:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM
2010-03-06 04:34 . 2010-03-06 04:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-06 04:34 . 2010-03-06 04:34 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-03-06 04:34 . 2010-03-06 04:34 290816 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-03-06 04:34 . 2010-03-06 04:34 290816 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-03-06 04:34 . 2010-03-06 04:34 290816 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-03-06 04:34 . 2010-03-06 04:34 290816 ----a-w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2010-03-06 04:34 . 2010-03-06 04:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\SystemRequirementsLab
2010-02-27 20:26 . 2009-06-04 22:13 -------- d-----w- c:\documents and settings\Tim\Application Data\Move Networks
2010-02-26 05:43 . 2004-08-04 12:00 667136 ------w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 04:48 . 2009-06-14 23:11 -------- d-----w- c:\documents and settings\Tim\Application Data\Temp
2010-02-21 01:11 . 2010-02-21 01:11 143976 ----a-w- c:\documents and settings\Tim\Application Data\Move Networks\uninstall.exe
2010-02-21 01:11 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\Tim\Application Data\Move Networks\plugins\npqmp071701000002.dll
2010-02-21 01:11 . 2010-02-21 01:11 1794456 ----a-w- c:\documents and settings\Tim\Application Data\Move Networks\MoveMediaPlayerWin_071701000002.exe
2010-02-07 17:13 . 2010-02-07 17:13 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-02-04 19:03 . 2010-02-04 19:03 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-03 03:32 . 2010-02-03 03:33 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}\PostBuild.exe
2010-01-30 16:46 . 2010-01-30 16:46 290816 ----a-w- c:\documents and settings\Tim\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-01-30 16:46 . 2010-01-30 16:46 290816 ----a-w- c:\documents and settings\Tim\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-01-30 16:46 . 2010-01-30 16:46 290816 ----a-w- c:\documents and settings\Tim\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-01-30 16:46 . 2010-01-30 16:46 290816 ----a-w- c:\documents and settings\Tim\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2010-01-22 23:49 . 2010-02-25 16:58 70984 ----a-w- c:\documents and settings\HelpAssistant\g2mdlhlpx.exe
2010-01-22 23:49 . 2010-01-22 23:49 70984 ----a-w- c:\documents and settings\Tim\g2mdlhlpx.exe
2010-01-19 02:58 . 2009-09-08 14:01 31064 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-15 00:02 . 2010-01-15 00:02 52224 ----a-w- c:\documents and settings\Tim\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-12 17:03 . 2010-01-12 17:03 182888 ----a-w- c:\windows\system32\nvcod.dll
2009-07-16 16:34 . 2009-07-16 16:34 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-07-16 16:34 . 2009-07-16 16:34 125848 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-07-16 16:34 . 2009-07-16 16:35 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Tim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-07 323392]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-10 2010864]
"Steam"="c:\program files\Steam\Steam.exe" [2010-03-22 1217872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-08-03 1626112]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-08 202256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-21 110184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-07-19 439568]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-12 14:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Tim^Start Menu^Programs^Startup^ScreenThemes.lnk]
path=c:\documents and settings\Tim\Start Menu\Programs\Startup\ScreenThemes.lnk
backup=c:\windows\pss\ScreenThemes.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 19:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2006-08-11 18:56 17920 ----a-w- c:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2006-08-11 18:56 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 00:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
2009-07-08 23:02 2684200 ------w- c:\program files\CyberLink\Power2Go\Power2GoExpress.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\Tim\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Wonderland Online\\main.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\ONWIND\\ZU-ONLINE\\ZuOnline.exe"=
"c:\\Program Files\\ONWIND\\ZU-ONLINE\\BT_Update.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\AeriaGames\\12Sky\\TwelveSky.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"e:\\Program Files\\StarWarsGalaxies\\SwgClient_r.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Monte Cristo\\Cities XL\\cds\\CitiesXL_http.exe"=
"c:\\Program Files\\'Full Speed' Internet Booster + Performance Tests\\FullSpeed.exe"=
"c:\\Program Files\\Turbine\\Dungeons and Dragons Online - Stormreach - Lamannia\\dndclient.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"=
"c:\\Program Files\\Sony\\EverQuest\\EQVoiceService.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\cdv Software Entertainment USA\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"c:\\Program Files\\cdv Software Entertainment USA\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\dlls\\ubiorbitapi_r1.dll"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager - Lamannia\\TurbineMessageService.exe"=
"c:\\Program Files\\Turbine\\Turbine Download Manager - Lamannia\\TurbineNetworkService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9323:TCP"= 9323:TCP:EKDiscovery
"56152:TCP"= 56152:TCP:Pando Media Booster
"56152:UDP"= 56152:UDP:Pando Media Booster
"9322:TCP"= 9322:TCP:EKDiscovery
"8882:TCP"= 8882:TCP:Services
"8883:TCP"= 8883:TCP:Services
"9616:TCP"= 9616:TCP:Services
"9617:TCP"= 9617:TCP:Services

R0 MrFilter;EasyWrite Driver;c:\windows\system32\drivers\MRFilter.sys [9/21/2009 8:19 AM 12096]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/3/2009 10:32 AM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/3/2009 10:32 AM 242696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 8:56 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56 AM 66632]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/12/2010 10:02 AM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/12/2010 10:02 AM 308064]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [8/5/2009 1:49 PM 284016]
R2 PublicPreviewTurbineMessageService;Turbine Message Service - PublicPreview;c:\program files\Turbine\Turbine Download Manager - Lamannia\TurbineMessageService.exe [8/5/2009 3:00 PM 271856]
R3 PublicPreviewTurbineNetworkService;Turbine Network Service - PublicPreview;c:\program files\Turbine\Turbine Download Manager - Lamannia\TurbineNetworkService.exe [8/5/2009 3:00 PM 218608]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56 AM 12872]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 se32;EnTech softEngine;c:\windows\system32\drivers\se32.sys [5/3/2007 12:19 PM 12112]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder

2010-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-2111687655-839522115-1003Core.job
- c:\documents and settings\Tim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 01:00]

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-2111687655-839522115-1003UA.job
- c:\documents and settings\Tim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 01:00]

2010-04-10 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1004336348-2111687655-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-04-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1004336348-2111687655-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.marketamerica.com/timlandry
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\documents and settings\Tim\Application Data\Mozilla\Firefox\Profiles\mgvioudk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.marketamerica.com/timlandry
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Tim\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Tim\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 11:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1004336348-2111687655-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1004336348-2111687655-839522115-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-1004336348-2111687655-839522115-1003)
@Allowed: (Read) (S-1-5-21-1004336348-2111687655-839522115-1003)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1004336348-2111687655-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:35,24,e9,70,dc,26,0d,51,b5,9b,01,90,76,a0,88,33,50,80,ac,a1,f0,
21,62,4f,5c,97,95,83,89,a5,97,92,b7,e3,74,ea,bb,8e,f2,53,3e,e0,ef,9d,10,4c,\
"rkeysecu"=hex:39,8e,b4,03,43,b1,cb,7f,cd,57,48,f4,e3,f0,30,67
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2010-04-10 11:11:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-10 15:11
ComboFix2.txt 2010-04-10 00:55
ComboFix3.txt 2010-03-29 20:01
ComboFix4.txt 2010-03-27 16:41
ComboFix5.txt 2010-04-10 14:49

Pre-Run: 147,315,687,424 bytes free
Post-Run: 147,239,456,768 bytes free

- - End Of File - - 8EF854DF543919BAC82C2069B9D2E012

Attached Files



#12 syler (Malware Response Team, 8,150 posts, Warrington, UK)

Posted 12 April 2010 - 10:23 AM

Hi,

Please leave the ESET scan for now; it appears there may still be something lurking. Also, because of the infection you have, you should be aware of the following information.


One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.


  • Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
  • Close out all other open programs and windows.
  • Double click the file to run it and follow any prompts.
  • If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.
  • Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.
helpasst -mbrt
  • Make sure you leave a space between helpasst and -mbrt !
  • When it completes, a log will open. Please post the contents of that log.



#13 bulldzr (Topic Starter, Members, 28 posts)

Posted 12 April 2010 - 08:30 PM

OK, here is the HelpAsst log that you needed. I hope this will get me all straightened out; I would hate to redo the computer again... a lot of programs I would have to pull out to get back into the system again, ugh! That alone is a lot of headache to do...

Attached Files



#14 syler (Malware Response Team, 8,150 posts, Warrington, UK)

Posted 13 April 2010 - 10:47 AM

  • Go to Start >> Run, and type Notepad into the run box, then click Ok.
  • Copy and paste the following code into Notepad. ( Do not include the word "CODE")
CODE
net user HelpAssistant /active:no
net localgroup Administrators HelpAssistant /delete
net user HelpAssistant>log.txt&START log.txt
  • Click on the File tab, and select Save.
  • In the box that opens type help.bat for the File name.
  • Change the Save as type to All Files, then save it to your Desktop. (It should look like this )
  • Double click help.bat, a box will pop up briefly on your screen and disappear, this is normal.
  • It will produce a file on your desktop called log.txt, please copy and paste this in your next reply.



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
File::
c:\windows\System32\termsrv32.dll
MBR::
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]
"65533:TCP"=-
"52344:TCP"=-
"4414:TCP"=-
"7328:TCP"=-
"3389:TCP"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=-
"52344:TCP"=-
"4414:TCP"=-
"7328:TCP"=-
"3389:TCP"=-


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



When ComboFix has finished, run HelpAsst_mebroot_fix.exe again as you did before.


Then please post back here with the following logs:
  • log.txt
  • Combofix.txt
  • HelpAsst_mebroot_fix log

Thanks

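The batch file and the CFScript in post #14 undo three things: the HelpAssistant account being enabled, its membership in Administrators, and the firewall "GloballyOpenPorts" entries (including 3389/TCP, Remote Desktop) that were added to both firewall profiles. Below is an added example of how to check a machine for those same indicators and produce the CFScript deletions in the format used above. It is my code, not a BleepingComputer tool and not syler's script. The `net user HelpAssistant` report and the REGEDIT4 firewall export are constructed samples in the shape of the real ones, and the allow-list of legitimate port entries is an assumption taken from the Kodak and Pando entries in bulldzr's ComboFix log.

```python
"""Triage the HelpAssistant and firewall-port indicators from this thread.

Added example, not a BleepingComputer tool and not syler's script. Inputs are
constructed samples shaped like the `net user HelpAssistant` report and a
REGEDIT4 export of the XP firewall GloballyOpenPorts keys; the allow-list is an
assumption taken from the legitimate entries in bulldzr's ComboFix log.
"""
import re

# Assumption: these entries were present and legitimate in the posted log.
KNOWN_GOOD_PORTS = {"9322:TCP", "9323:TCP", "56152:TCP", "56152:UDP"}

# Constructed sample. A stock XP HelpAssistant reports "Account active  No"
# and is only in *Users; this one has been activated and made an admin.
NET_USER_OUTPUT = """\
User name                    HelpAssistant
Account active               Yes
Account expires              Never
Local Group Memberships      *Administrators       *Users
The command completed successfully.
"""

# Constructed sample: one legitimate Kodak entry next to the 3389 (Remote
# Desktop) and high-port openings that the CFScript in post #14 removes.
FIREWALL_EXPORT = """\
REGEDIT4

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile\\GloballyOpenPorts\\List]
"3389:TCP"="3389:TCP:*:Enabled:Services"
"65533:TCP"="65533:TCP:*:Enabled:Services"

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\GloballyOpenPorts\\List]
"9323:TCP"="9323:TCP:*:Enabled:EKDiscovery"
"3389:TCP"="3389:TCP:*:Enabled:Services"
"52344:TCP"="52344:TCP:*:Enabled:Services"
"""

KEY_RE = re.compile(r"^\[.+?\\FirewallPolicy\\(\w+Profile)\\GloballyOpenPorts\\List\]$", re.I)
VALUE_RE = re.compile(r'^"(\d+:(?:TCP|UDP))"=(.*)$', re.I)

def parse_net_user(report):
    """Turn the two-column `net user <name>` report into a field -> value dict."""
    fields = {}
    for line in report.splitlines():
        m = re.match(r"^(\S.*?)\s{2,}(.+?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def helpassistant_findings(fields):
    """Flag the two changes syler's help.bat reverts: active account, admin membership."""
    findings = []
    if fields.get("Account active", "").lower() == "yes":
        findings.append("HelpAssistant is enabled (disabled on a stock XP install)")
    if "*Administrators" in fields.get("Local Group Memberships", "").split():
        findings.append("HelpAssistant is a member of Administrators")
    return findings

def parse_open_ports(export):
    """Map firewall profile -> {port spec: raw value} from a REGEDIT4 export."""
    profiles, current = {}, None
    for line in export.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            profiles.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            profiles[current][m.group(1).upper()] = m.group(2)
    return profiles

def suspicious_ports(profiles, allow=KNOWN_GOOD_PORTS):
    """Per profile, the globally opened ports that are not on the allow-list."""
    return {prof: sorted(p for p in ports if p not in allow)
            for prof, ports in profiles.items()
            if any(p not in allow for p in ports)}

def cfscript_registry_section(flagged):
    """Render the deletions as a ComboFix CFScript Registry:: block, as in post #14."""
    lines = ["Registry::"]
    for profile in sorted(flagged):
        lines.append("[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\"
                     + profile.lower() + "\\GloballyOpenPorts\\List]")
        lines.extend('"%s"=-' % p for p in flagged[profile])
    return "\n".join(lines)

def triage(net_user=NET_USER_OUTPUT, export=FIREWALL_EXPORT):
    """Run both checks; return the findings and the CFScript text that fixes the ports."""
    flagged = suspicious_ports(parse_open_ports(export))
    findings = helpassistant_findings(parse_net_user(net_user))
    for profile, ports in sorted(flagged.items()):
        rdp = " (includes Remote Desktop)" if "3389:TCP" in ports else ""
        findings.append("%s opens %s%s" % (profile, ", ".join(ports), rdp))
    return {"findings": findings, "cfscript": cfscript_registry_section(flagged)}

if __name__ == "__main__":
    result = triage()
    print("\n".join(result["findings"] or ["no indicators found"]))
    print(result["cfscript"])
```

On a real XP machine you would feed `parse_net_user` the output of `net user HelpAssistant` and `parse_open_ports` a `reg export` of the two `GloballyOpenPorts\List` keys; the allow-list has to be built from what the machine legitimately runs, since any port not on it is reported. The emitted `Registry::` block only removes the firewall openings; disabling the account and removing it from Administrators is what the `net user` / `net localgroup` lines in help.bat do, and neither replaces the reformat decision syler raised in post #12.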


#15 bulldzr (Topic Starter, Members, 28 posts)

Posted 13 April 2010 - 03:21 PM

OK, here are all the logs you needed... hope they help in some way.

Attached Files





